With the advent of various technologies and the increasing sophistication of cyber incidents today, staying on top of cyber threats, let alone ahead of them, can sometimes seem impossible. COVID-19 created new challenges for businesses as they adapted to working from home, which became the ‘new normal’. Today, cybersecurity is a major concern for companies, and a cyber incident can quickly and easily escalate into a business crisis. This may lead to high-profile media attention, financial losses, operational disruption, increased regulatory scrutiny, and/or damage to customer loyalty and investor confidence. Hence, organisations must stay abreast of these threats and know how to handle cyber incidents tactfully, while embracing a proactive approach to help minimise the impact of such incidents.
Instead of a traditional reactive approach, employing a hybrid approach is the need of the hour. A hybrid approach incorporates mechanisms to proactively detect cybersecurity incidents/risks, respond to and remediate them, and can reduce the possibility of future recurrences. Such a proactive incident response and readiness plan can help organisations discover and contain threats much earlier, while saving costs.
The Indian Computer Emergency Response Team (CERT-IN), India’s national nodal agency for responding to computer security incidents, has recently come out with a set of directives for service providers, intermediaries, data centres, body corporate, and government organisations to augment and strengthen the country’s cybersecurity efforts. The directive is significant as it stipulates shared responsibilities amongst all shareholders and punitive action for non-compliance. It significantly expands the range of cyber incidents that need to be reported to 20 categories, including defacement of websites, unauthorised access to social media, data breaches, and data leaks. Some significant features of the directive include the following:
- Synchronise information and communication technologies (ICT) systems’ clocks.
- Report cyber incidents to CERT-IN within six hours of noticing the incident or being brought to notice.
- Act or provide information or assist CERT-IN, towards possible cybersecurity mitigation actions and enhanced awareness.
- Designate a point of contact to interface with CERT-IN.
- Enable logs of all ICT systems and maintain them within the Indian jurisdiction for a rolling period of 180 days and share as and when required/directed.
- Data centres, Virtual Private Server (VPS) providers, cloud service providers and Virtual Private Network Service (VPN Service) providers need to maintain details of subscribers/customers for five years or longer as mandated by the law (after cancellation or withdrawal).
- Virtual asset service providers, virtual asset exchange providers, and custodian wallet providers need to maintain Know Your Customer (KYC) information and records of financial transactions for five years.

A dedicated Cyber Incident Response team for effective pre-emptive and post-incident actions could therefore be extremely advantageous. This team can manage, mitigate, and guide an organisation during such times and ensure all necessary actions and checks are carried out in a compliant manner.
Based on Deloitte’s experience in helping organisations prevent cyberattacks/protect valuable assets, investigate cybersecurity incidents, and support global organisations, here are some best practices that could help organisations prepare for any cyber incident(s):
- Prepare a robust incident response plan, detailed step-by-step playbook, and standard operating procedures on how to respond efficiently in an unforeseen cyber incident.
- Develop a team of first-incident respondents who can act in the first four golden hours after the incident has taken place. This can ensure quick containment of ‘the attack’ and recovery of information, followed by the collection of the right artefacts to perform a root-cause analysis.
- Identify the consequences (financial, operational, reputational) of a cyber incident and the stakeholders who could be affected.
- Perform a digital forensic readiness assessment of critical applications/infrastructure on a periodic basis, to understand if all relevant information and data is being captured and retained, and can be restored, when an incident investigation is triggered. This will also help comply with cybersecurity guidelines issued by various regulators, such as RBI, IRDA, and SEBI.
- Promote a culture that focusses on cybersecurity within an organisation by conducting regular training sessions for employees, stakeholders, and the third-party ecosystem to help them recognise cyber threats.
- Test your incident response plan regularly with your employees to ensure that the response team is ready, and the plan is thorough and practical.
- Consider opting for cyber insurance coverage and mandatorily enable logs of all systems and maintain them securely for a rolling period of 180 days. In case the business is financial in nature, the directive suggests that all transactional logs and information must be preserved for at least five years.
- Designate a point of contact to interface with CERT-IN. This information should be shared with CERT-IN in the format specified by the directive and updated from time to time.
- It is suggested (in the directive) that all service providers, intermediaries, data centres, body corporates, and government organisations should connect to the Network Time Protocol (NTP) Server of National Informatics Centre (NIC) or National Physical Laboratory (NPL) or with NTP servers traceable to these NTP servers, for the synchronisation of all their ICT systems’ clocks.
- Retool and rewrite in a world of constantly changing technologies and threats. Adjust your cyber incident response plan at regular intervals to ensure that it is updated as needed.

There is no foolproof way to completely shield yourself from cyber incidents, but readiness to deal with any cyber incident is key to surviving and recovering from its impact.
A new six-hour reporting timeline to flag cyber incidents (ETCIO, 2022-05-30)
萨钦 Yadav, 阿尼兹卡塔 Bhavsar and 沙玛